]> git.proxmox.com Git - mirror_edk2.git/blame - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmm.c
CommitLineData
8a2d4996 1/** @file\r
fa0737a8
SZ		 2 The sample implementation for SMM variable protocol. And this driver\r
3 implements an SMI handler to communicate with the DXE runtime driver\r
8a2d4996 4 to provide variable services.\r
5\r
2445a70e 6 Caution: This module requires additional review when modified.\r
7 This driver will have external input - variable data and communicate buffer in SMM mode.\r
8 This external input must be validated carefully to avoid security issue like\r
9 buffer overflow, integer overflow.\r
10\r
11 SmmVariableHandler() will receive untrusted input and do basic validation.\r
12\r
fa0737a8
SZ		 13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),\r
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),\r
2445a70e 15 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
16\r
39cde03c 17Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
fa0737a8
SZ		 18This program and the accompanying materials\r
19are licensed and made available under the terms and conditions of the BSD License\r
20which accompanies this distribution. The full text of the license may be found at\r
2445a70e 21http://opensource.org/licenses/bsd-license.php\r
8a2d4996 22\r
fa0737a8
SZ		 23THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
24WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
8a2d4996 25\r
26**/\r
fa0737a8 27\r
d00ed85e 28#include <Protocol/SmmVariable.h>\r
29#include <Protocol/SmmFirmwareVolumeBlock.h>\r
8a2d4996 30#include <Protocol/SmmFaultTolerantWrite.h>\r
ff843847 31#include <Protocol/SmmEndOfDxe.h>\r
efb01a10 32#include <Protocol/SmmVarCheck.h>\r
2445a70e 33\r
8a2d4996 34#include <Library/SmmServicesTableLib.h>\r
842b1242 35#include <Library/SmmMemLib.h>\r
8a2d4996 36\r
d00ed85e 37#include <Guid/SmmVariableCommon.h>\r
8a2d4996 38#include "Variable.h"\r
8a2d4996 39\r
d00ed85e 40extern VARIABLE_INFO_ENTRY *gVariableInfo;\r
8a2d4996 41EFI_HANDLE mSmmVariableHandle = NULL;\r
42EFI_HANDLE mVariableHandle = NULL;\r
43BOOLEAN mAtRuntime = FALSE;\r
5e5bb2a9
SZ		 44UINT8 *mVariableBufferPayload = NULL;\r
45UINTN mVariableBufferPayloadSize;\r
ff843847 46extern BOOLEAN mEndOfDxe;\r
8021f4c7 47extern VAR_CHECK_REQUEST_SOURCE mRequestSource;\r
ff843847 48\r
fa0737a8
SZ		 49/**\r
50 SecureBoot Hook for SetVariable.\r
51\r
52 @param[in] VariableName Name of Variable to be found.\r
53 @param[in] VendorGuid Variable vendor GUID.\r
54\r
55**/\r
56VOID\r
57EFIAPI\r
58SecureBootHook (\r
59 IN CHAR16 *VariableName,\r
60 IN EFI_GUID *VendorGuid\r
61 )\r
62{\r
63 return ;\r
64}\r
65\r
ff843847
RN		 66/**\r
67\r
68 This code sets variable in storage blocks (Volatile or Non-Volatile).\r
69\r
70 @param VariableName Name of Variable to be found.\r
71 @param VendorGuid Variable vendor GUID.\r
72 @param Attributes Attribute value of the variable found\r
73 @param DataSize Size of Data found. If size is less than the\r
74 data, this value contains the required size.\r
75 @param Data Data pointer.\r
76\r
77 @return EFI_INVALID_PARAMETER Invalid parameter.\r
78 @return EFI_SUCCESS Set successfully.\r
79 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.\r
80 @return EFI_NOT_FOUND Not found.\r
81 @return EFI_WRITE_PROTECTED Variable is read-only.\r
82\r
83**/\r
84EFI_STATUS\r
85EFIAPI\r
86SmmVariableSetVariable (\r
87 IN CHAR16 *VariableName,\r
88 IN EFI_GUID *VendorGuid,\r
89 IN UINT32 Attributes,\r
90 IN UINTN DataSize,\r
91 IN VOID *Data\r
92 )\r
93{\r
94 EFI_STATUS Status;\r
95\r
96 //\r
97 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.\r
98 //\r
8021f4c7 99 mRequestSource = VarCheckFromTrusted;\r
ff843847
RN		 100 Status = VariableServiceSetVariable (\r
101 VariableName,\r
102 VendorGuid,\r
103 Attributes,\r
104 DataSize,\r
105 Data\r
106 );\r
8021f4c7 107 mRequestSource = VarCheckFromUntrusted;\r
ff843847
RN		 108 return Status;\r
109}\r
5e5bb2a9 110\r
8a2d4996 111EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {\r
112 VariableServiceGetVariable,\r
113 VariableServiceGetNextVariableName,\r
ff843847 114 SmmVariableSetVariable,\r
8a2d4996 115 VariableServiceQueryVariableInfo\r
116};\r
117\r
efb01a10
SZ		 118EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,\r
119 VarCheckVariablePropertySet,\r
120 VarCheckVariablePropertyGet };\r
121\r
8a2d4996 122/**\r
123 Return TRUE if ExitBootServices () has been called.\r
fa0737a8 124\r
8a2d4996 125 @retval TRUE If ExitBootServices () has been called.\r
126**/\r
127BOOLEAN\r
128AtRuntime (\r
129 VOID\r
130 )\r
131{\r
132 return mAtRuntime;\r
133}\r
134\r
135/**\r
136 Initializes a basic mutual exclusion lock.\r
137\r
fa0737a8
SZ		 138 This function initializes a basic mutual exclusion lock to the released state\r
139 and returns the lock. Each lock provides mutual exclusion access at its task\r
8a2d4996 140 priority level. Since there is no preemption or multiprocessor support in EFI,\r
141 acquiring the lock only consists of raising to the locks TPL.\r
142 If Lock is NULL, then ASSERT().\r
143 If Priority is not a valid TPL value, then ASSERT().\r
144\r
145 @param Lock A pointer to the lock data structure to initialize.\r
146 @param Priority EFI TPL is associated with the lock.\r
147\r
148 @return The lock.\r
149\r
150**/\r
151EFI_LOCK *\r
152InitializeLock (\r
153 IN OUT EFI_LOCK *Lock,\r
154 IN EFI_TPL Priority\r
155 )\r
156{\r
157 return Lock;\r
158}\r
159\r
160/**\r
161 Acquires lock only at boot time. Simply returns at runtime.\r
162\r
163 This is a temperary function that will be removed when\r
164 EfiAcquireLock() in UefiLib can handle the call in UEFI\r
165 Runtimer driver in RT phase.\r
166 It calls EfiAcquireLock() at boot time, and simply returns\r
167 at runtime.\r
168\r
169 @param Lock A pointer to the lock to acquire.\r
170\r
171**/\r
172VOID\r
173AcquireLockOnlyAtBootTime (\r
174 IN EFI_LOCK *Lock\r
175 )\r
176{\r
177\r
178}\r
179\r
180\r
181/**\r
182 Releases lock only at boot time. Simply returns at runtime.\r
183\r
184 This is a temperary function which will be removed when\r
185 EfiReleaseLock() in UefiLib can handle the call in UEFI\r
186 Runtimer driver in RT phase.\r
187 It calls EfiReleaseLock() at boot time and simply returns\r
188 at runtime.\r
189\r
190 @param Lock A pointer to the lock to release.\r
191\r
192**/\r
193VOID\r
194ReleaseLockOnlyAtBootTime (\r
195 IN EFI_LOCK *Lock\r
196 )\r
197{\r
198\r
199}\r
200\r
201/**\r
0a18956d 202 Retrieve the SMM Fault Tolerent Write protocol interface.\r
8a2d4996 203\r
204 @param[out] FtwProtocol The interface of SMM Ftw protocol\r
205\r
206 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.\r
207 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.\r
208 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.\r
209\r
210**/\r
211EFI_STATUS\r
212GetFtwProtocol (\r
213 OUT VOID **FtwProtocol\r
214 )\r
215{\r
216 EFI_STATUS Status;\r
217\r
218 //\r
219 // Locate Smm Fault Tolerent Write protocol\r
220 //\r
221 Status = gSmst->SmmLocateProtocol (\r
fa0737a8
SZ		 222 &gEfiSmmFaultTolerantWriteProtocolGuid,\r
223 NULL,\r
8a2d4996 224 FtwProtocol\r
225 );\r
226 return Status;\r
227}\r
228\r
229\r
230/**\r
0a18956d 231 Retrieve the SMM FVB protocol interface by HANDLE.\r
8a2d4996 232\r
233 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for\r
234 reading, writing, and erasing the target block.\r
235 @param[out] FvBlock The interface of SMM FVB protocol\r
236\r
237 @retval EFI_SUCCESS The interface information for the specified protocol was returned.\r
238 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.\r
239 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.\r
240\r
241**/\r
242EFI_STATUS\r
243GetFvbByHandle (\r
244 IN EFI_HANDLE FvBlockHandle,\r
245 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock\r
246 )\r
247{\r
248 //\r
249 // To get the SMM FVB protocol interface on the handle\r
250 //\r
251 return gSmst->SmmHandleProtocol (\r
252 FvBlockHandle,\r
253 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
254 (VOID **) FvBlock\r
255 );\r
256}\r
257\r
258\r
259/**\r
260 Function returns an array of handles that support the SMM FVB protocol\r
fa0737a8 261 in a buffer allocated from pool.\r
8a2d4996 262\r
263 @param[out] NumberHandles The number of handles returned in Buffer.\r
264 @param[out] Buffer A pointer to the buffer to return the requested\r
265 array of handles that support SMM FVB protocol.\r
266\r
267 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of\r
268 handles in Buffer was returned in NumberHandles.\r
269 @retval EFI_NOT_FOUND No SMM FVB handle was found.\r
270 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.\r
271 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.\r
272\r
273**/\r
274EFI_STATUS\r
275GetFvbCountAndBuffer (\r
276 OUT UINTN *NumberHandles,\r
277 OUT EFI_HANDLE **Buffer\r
278 )\r
279{\r
280 EFI_STATUS Status;\r
281 UINTN BufferSize;\r
282\r
283 if ((NumberHandles == NULL) || (Buffer == NULL)) {\r
284 return EFI_INVALID_PARAMETER;\r
285 }\r
286\r
287 BufferSize = 0;\r
288 *NumberHandles = 0;\r
289 *Buffer = NULL;\r
290 Status = gSmst->SmmLocateHandle (\r
291 ByProtocol,\r
292 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
293 NULL,\r
294 &BufferSize,\r
295 *Buffer\r
296 );\r
297 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {\r
298 return EFI_NOT_FOUND;\r
299 }\r
300\r
301 *Buffer = AllocatePool (BufferSize);\r
302 if (*Buffer == NULL) {\r
303 return EFI_OUT_OF_RESOURCES;\r
304 }\r
305\r
306 Status = gSmst->SmmLocateHandle (\r
307 ByProtocol,\r
308 &gEfiSmmFirmwareVolumeBlockProtocolGuid,\r
309 NULL,\r
310 &BufferSize,\r
311 *Buffer\r
312 );\r
313\r
314 *NumberHandles = BufferSize / sizeof(EFI_HANDLE);\r
315 if (EFI_ERROR(Status)) {\r
316 *NumberHandles = 0;\r
5e5bb2a9
SZ		 317 FreePool (*Buffer);\r
318 *Buffer = NULL;\r
8a2d4996 319 }\r
320\r
321 return Status;\r
322}\r
323\r
324\r
325/**\r
326 Get the variable statistics information from the information buffer pointed by gVariableInfo.\r
327\r
2445a70e 328 Caution: This function may be invoked at SMM runtime.\r
329 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.\r
330\r
331 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.\r
fa0737a8 332 On input, point to the variable information returned last time. if\r
2445a70e 333 InfoEntry->VendorGuid is zero, return the first information.\r
334 On output, point to the next variable information.\r
335 @param[in, out] InfoSize On input, the size of the variable information buffer.\r
336 On output, the returned variable information size.\r
8a2d4996 337\r
fa0737a8
SZ		 338 @retval EFI_SUCCESS The variable information is found and returned successfully.\r
339 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The\r
340 PcdVariableCollectStatistics should be set TRUE to support it.\r
341 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.\r
342 @retval EFI_INVALID_PARAMETER Input parameter is invalid.\r
8a2d4996 343\r
344**/\r
345EFI_STATUS\r
346SmmVariableGetStatistics (\r
d00ed85e 347 IN OUT VARIABLE_INFO_ENTRY *InfoEntry,\r
8a2d4996 348 IN OUT UINTN *InfoSize\r
349 )\r
350{\r
d00ed85e 351 VARIABLE_INFO_ENTRY *VariableInfo;\r
d5aef955 352 UINTN NameSize;\r
8a2d4996 353 UINTN StatisticsInfoSize;\r
354 CHAR16 *InfoName;\r
d5aef955 355 UINTN InfoNameMaxSize;\r
5e5bb2a9
SZ		 356 EFI_GUID VendorGuid;\r
357\r
fa0737a8
SZ		 358 if (InfoEntry == NULL) {\r
359 return EFI_INVALID_PARAMETER;\r
360 }\r
361\r
362 VariableInfo = gVariableInfo;\r
8a2d4996 363 if (VariableInfo == NULL) {\r
364 return EFI_UNSUPPORTED;\r
365 }\r
366\r
d5aef955 367 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY);\r
eb96e4f2 368 if (*InfoSize < StatisticsInfoSize) {\r
8a2d4996 369 *InfoSize = StatisticsInfoSize;\r
370 return EFI_BUFFER_TOO_SMALL;\r
371 }\r
372 InfoName = (CHAR16 *)(InfoEntry + 1);\r
d5aef955 373 InfoNameMaxSize = (*InfoSize - sizeof (VARIABLE_INFO_ENTRY));\r
8a2d4996 374\r
5e5bb2a9
SZ		 375 CopyGuid (&VendorGuid, &InfoEntry->VendorGuid);\r
376\r
39cde03c 377 if (IsZeroGuid (&VendorGuid)) {\r
8a2d4996 378 //\r
379 // Return the first variable info\r
380 //\r
d5aef955
SZ		 381 NameSize = StrSize (VariableInfo->Name);\r
382 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
383 if (*InfoSize < StatisticsInfoSize) {\r
384 *InfoSize = StatisticsInfoSize;\r
385 return EFI_BUFFER_TOO_SMALL;\r
386 }\r
d00ed85e 387 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
d5aef955 388 CopyMem (InfoName, VariableInfo->Name, NameSize);\r
8a2d4996 389 *InfoSize = StatisticsInfoSize;\r
390 return EFI_SUCCESS;\r
391 }\r
392\r
393 //\r
394 // Get the next variable info\r
395 //\r
396 while (VariableInfo != NULL) {\r
5e5bb2a9 397 if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) {\r
d5aef955
SZ		 398 NameSize = StrSize (VariableInfo->Name);\r
399 if (NameSize <= InfoNameMaxSize) {\r
400 if (CompareMem (VariableInfo->Name, InfoName, NameSize) == 0) {\r
8a2d4996 401 //\r
402 // Find the match one\r
403 //\r
404 VariableInfo = VariableInfo->Next;\r
405 break;\r
406 }\r
407 }\r
408 }\r
409 VariableInfo = VariableInfo->Next;\r
410 };\r
fa0737a8 411\r
8a2d4996 412 if (VariableInfo == NULL) {\r
413 *InfoSize = 0;\r
414 return EFI_SUCCESS;\r
415 }\r
416\r
417 //\r
418 // Output the new variable info\r
419 //\r
d5aef955
SZ		 420 NameSize = StrSize (VariableInfo->Name);\r
421 StatisticsInfoSize = sizeof (VARIABLE_INFO_ENTRY) + NameSize;\r
8a2d4996 422 if (*InfoSize < StatisticsInfoSize) {\r
423 *InfoSize = StatisticsInfoSize;\r
424 return EFI_BUFFER_TOO_SMALL;\r
425 }\r
426\r
d00ed85e 427 CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));\r
d5aef955 428 CopyMem (InfoName, VariableInfo->Name, NameSize);\r
8a2d4996 429 *InfoSize = StatisticsInfoSize;\r
fa0737a8 430\r
8a2d4996 431 return EFI_SUCCESS;\r
432}\r
433\r
434\r
435/**\r
436 Communication service SMI Handler entry.\r
437\r
438 This SMI handler provides services for the variable wrapper driver.\r
439\r
2445a70e 440 Caution: This function may receive untrusted input.\r
441 This variable data and communicate buffer are external input, so this function will do basic validation.\r
fa0737a8
SZ		 442 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),\r
443 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),\r
2445a70e 444 SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
445\r
8a2d4996 446 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
447 @param[in] RegisterContext Points to an optional handler context which was specified when the\r
448 handler was registered.\r
449 @param[in, out] CommBuffer A pointer to a collection of data in memory that will\r
450 be conveyed from a non-SMM environment into an SMM environment.\r
451 @param[in, out] CommBufferSize The size of the CommBuffer.\r
452\r
fa0737a8 453 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers\r
8a2d4996 454 should still be called.\r
fa0737a8 455 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should\r
8a2d4996 456 still be called.\r
fa0737a8 457 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still\r
8a2d4996 458 be called.\r
459 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r
460**/\r
461EFI_STATUS\r
462EFIAPI\r
463SmmVariableHandler (\r
464 IN EFI_HANDLE DispatchHandle,\r
465 IN CONST VOID *RegisterContext,\r
466 IN OUT VOID *CommBuffer,\r
467 IN OUT UINTN *CommBufferSize\r
468 )\r
469{\r
470 EFI_STATUS Status;\r
471 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;\r
472 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;\r
473 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;\r
474 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;\r
fa0737a8 475 SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *GetPayloadSize;\r
d00ed85e 476 VARIABLE_INFO_ENTRY *VariableInfo;\r
ff843847 477 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;\r
efb01a10 478 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;\r
8a2d4996 479 UINTN InfoSize;\r
9d00d20e 480 UINTN NameBufferSize;\r
5e5bb2a9 481 UINTN CommBufferPayloadSize;\r
164a9b67 482 UINTN TempCommBufferSize;\r
8a2d4996 483\r
2445a70e 484 //\r
485 // If input is invalid, stop processing this SMI\r
486 //\r
487 if (CommBuffer == NULL || CommBufferSize == NULL) {\r
488 return EFI_SUCCESS;\r
489 }\r
490\r
164a9b67
SZ		 491 TempCommBufferSize = *CommBufferSize;\r
492\r
493 if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) {\r
5e5bb2a9
SZ		 494 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer size invalid!\n"));\r
495 return EFI_SUCCESS;\r
496 }\r
164a9b67 497 CommBufferPayloadSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
5e5bb2a9
SZ		 498 if (CommBufferPayloadSize > mVariableBufferPayloadSize) {\r
499 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));\r
2445a70e 500 return EFI_SUCCESS;\r
501 }\r
502\r
842b1242 503 if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {\r
5e5bb2a9 504 DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));\r
2445a70e 505 return EFI_SUCCESS;\r
506 }\r
8a2d4996 507\r
508 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;\r
509 switch (SmmVariableFunctionHeader->Function) {\r
510 case SMM_VARIABLE_FUNCTION_GET_VARIABLE:\r
5e5bb2a9
SZ		 511 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {\r
512 DEBUG ((EFI_D_ERROR, "GetVariable: SMM communication buffer size invalid!\n"));\r
513 return EFI_SUCCESS;\r
514 }\r
515 //\r
516 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
517 //\r
518 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
519 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;\r
9d00d20e
SZ		 520 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||\r
521 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {\r
522 //\r
523 // Prevent InfoSize overflow happen\r
524 //\r
525 Status = EFI_ACCESS_DENIED;\r
526 goto EXIT;\r
527 }\r
fa0737a8 528 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)\r
2445a70e 529 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;\r
530\r
531 //\r
532 // SMRAM range check already covered before\r
533 //\r
5e5bb2a9
SZ		 534 if (InfoSize > CommBufferPayloadSize) {\r
535 DEBUG ((EFI_D_ERROR, "GetVariable: Data size exceed communication buffer size limit!\n"));\r
2445a70e 536 Status = EFI_ACCESS_DENIED;\r
537 goto EXIT;\r
538 }\r
539\r
e83d841f
HW		 540 //\r
541 // The MemoryLoadFence() call here is to ensure the previous range/content\r
542 // checks for the CommBuffer have been completed before the subsequent\r
543 // consumption of the CommBuffer content.\r
544 //\r
545 MemoryLoadFence ();\r
9d00d20e
SZ		 546 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
547 //\r
548 // Make sure VariableName is A Null-terminated string.\r
549 //\r
550 Status = EFI_ACCESS_DENIED;\r
551 goto EXIT;\r
552 }\r
553\r
8a2d4996 554 Status = VariableServiceGetVariable (\r
555 SmmVariableHeader->Name,\r
556 &SmmVariableHeader->Guid,\r
557 &SmmVariableHeader->Attributes,\r
558 &SmmVariableHeader->DataSize,\r
559 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize\r
560 );\r
5e5bb2a9 561 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);\r
8a2d4996 562 break;\r
fa0737a8 563\r
8a2d4996 564 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME:\r
5e5bb2a9
SZ		 565 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
566 DEBUG ((EFI_D_ERROR, "GetNextVariableName: SMM communication buffer size invalid!\n"));\r
567 return EFI_SUCCESS;\r
568 }\r
569 //\r
570 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
571 //\r
572 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
573 GetNextVariableName = (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) mVariableBufferPayload;\r
9d00d20e
SZ		 574 if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
575 //\r
576 // Prevent InfoSize overflow happen\r
577 //\r
578 Status = EFI_ACCESS_DENIED;\r
579 goto EXIT;\r
580 }\r
2445a70e 581 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + GetNextVariableName->NameSize;\r
582\r
583 //\r
584 // SMRAM range check already covered before\r
585 //\r
5e5bb2a9
SZ		 586 if (InfoSize > CommBufferPayloadSize) {\r
587 DEBUG ((EFI_D_ERROR, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));\r
2445a70e 588 Status = EFI_ACCESS_DENIED;\r
589 goto EXIT;\r
590 }\r
591\r
5e5bb2a9 592 NameBufferSize = CommBufferPayloadSize - OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);\r
9d00d20e
SZ		 593 if (NameBufferSize < sizeof (CHAR16) || GetNextVariableName->Name[NameBufferSize/sizeof (CHAR16) - 1] != L'\0') {\r
594 //\r
595 // Make sure input VariableName is A Null-terminated string.\r
596 //\r
597 Status = EFI_ACCESS_DENIED;\r
598 goto EXIT;\r
599 }\r
600\r
8a2d4996 601 Status = VariableServiceGetNextVariableName (\r
602 &GetNextVariableName->NameSize,\r
603 GetNextVariableName->Name,\r
604 &GetNextVariableName->Guid\r
605 );\r
5e5bb2a9 606 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);\r
8a2d4996 607 break;\r
fa0737a8 608\r
8a2d4996 609 case SMM_VARIABLE_FUNCTION_SET_VARIABLE:\r
5e5bb2a9
SZ		 610 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {\r
611 DEBUG ((EFI_D_ERROR, "SetVariable: SMM communication buffer size invalid!\n"));\r
612 return EFI_SUCCESS;\r
613 }\r
614 //\r
615 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
616 //\r
617 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
618 SmmVariableHeader = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *) mVariableBufferPayload;\r
9d00d20e
SZ		 619 if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||\r
620 ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) {\r
621 //\r
622 // Prevent InfoSize overflow happen\r
623 //\r
624 Status = EFI_ACCESS_DENIED;\r
625 goto EXIT;\r
626 }\r
d17c4eac 627 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)\r
628 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize;\r
629\r
630 //\r
631 // SMRAM range check already covered before\r
632 // Data buffer should not contain SMM range\r
633 //\r
5e5bb2a9
SZ		 634 if (InfoSize > CommBufferPayloadSize) {\r
635 DEBUG ((EFI_D_ERROR, "SetVariable: Data size exceed communication buffer size limit!\n"));\r
d17c4eac 636 Status = EFI_ACCESS_DENIED;\r
637 goto EXIT;\r
638 }\r
639\r
e83d841f
HW		 640 //\r
641 // The MemoryLoadFence() call here is to ensure the previous range/content\r
642 // checks for the CommBuffer have been completed before the subsequent\r
643 // consumption of the CommBuffer content.\r
644 //\r
645 MemoryLoadFence ();\r
9d00d20e
SZ		 646 if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
647 //\r
648 // Make sure VariableName is A Null-terminated string.\r
649 //\r
650 Status = EFI_ACCESS_DENIED;\r
651 goto EXIT;\r
652 }\r
653\r
8a2d4996 654 Status = VariableServiceSetVariable (\r
655 SmmVariableHeader->Name,\r
656 &SmmVariableHeader->Guid,\r
657 SmmVariableHeader->Attributes,\r
658 SmmVariableHeader->DataSize,\r
659 (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize\r
660 );\r
661 break;\r
fa0737a8 662\r
8a2d4996 663 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO:\r
5e5bb2a9
SZ		 664 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {\r
665 DEBUG ((EFI_D_ERROR, "QueryVariableInfo: SMM communication buffer size invalid!\n"));\r
666 return EFI_SUCCESS;\r
2445a70e 667 }\r
5e5bb2a9 668 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data;\r
2445a70e 669\r
8a2d4996 670 Status = VariableServiceQueryVariableInfo (\r
671 QueryVariableInfo->Attributes,\r
672 &QueryVariableInfo->MaximumVariableStorageSize,\r
673 &QueryVariableInfo->RemainingVariableStorageSize,\r
674 &QueryVariableInfo->MaximumVariableSize\r
675 );\r
676 break;\r
677\r
fa0737a8
SZ		 678 case SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE:\r
679 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE)) {\r
680 DEBUG ((EFI_D_ERROR, "GetPayloadSize: SMM communication buffer size invalid!\n"));\r
681 return EFI_SUCCESS;\r
682 }\r
683 GetPayloadSize = (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *) SmmVariableFunctionHeader->Data;\r
684 GetPayloadSize->VariablePayloadSize = mVariableBufferPayloadSize;\r
685 Status = EFI_SUCCESS;\r
686 break;\r
687\r
8a2d4996 688 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:\r
876ac395 689 if (AtRuntime()) {\r
690 Status = EFI_UNSUPPORTED;\r
691 break;\r
692 }\r
8021f4c7 693 if (!mEndOfDxe) {\r
f1304280 694 MorLockInitAtEndOfDxe ();\r
8021f4c7
SZ		 695 mEndOfDxe = TRUE;\r
696 VarCheckLibInitializeAtEndOfDxe (NULL);\r
697 //\r
698 // The initialization for variable quota.\r
699 //\r
700 InitializeVariableQuota ();\r
701 }\r
8a2d4996 702 ReclaimForOS ();\r
703 Status = EFI_SUCCESS;\r
704 break;\r
fa0737a8 705\r
8a2d4996 706 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE:\r
707 mAtRuntime = TRUE;\r
708 Status = EFI_SUCCESS;\r
709 break;\r
710\r
711 case SMM_VARIABLE_FUNCTION_GET_STATISTICS:\r
d00ed85e 712 VariableInfo = (VARIABLE_INFO_ENTRY *) SmmVariableFunctionHeader->Data;\r
164a9b67 713 InfoSize = TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
2445a70e 714\r
715 //\r
fa0737a8
SZ		 716 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.\r
717 // It is covered by previous CommBuffer check\r
2445a70e 718 //\r
fa0737a8 719\r
62016c1e
SZ		 720 //\r
721 // Do not need to check CommBufferSize buffer as it should point to SMRAM\r
722 // that was used by SMM core to cache CommSize from SmmCommunication protocol.\r
723 //\r
2445a70e 724\r
8a2d4996 725 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize);\r
3f5c168f 726 *CommBufferSize = InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;\r
8a2d4996 727 break;\r
728\r
ff843847 729 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:\r
51547bb8 730 if (mEndOfDxe) {\r
ff843847 731 Status = EFI_ACCESS_DENIED;\r
51547bb8
RN		 732 } else {\r
733 VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;\r
734 Status = VariableLockRequestToLock (\r
735 NULL,\r
736 VariableToLock->Name,\r
737 &VariableToLock->Guid\r
738 );\r
ff843847 739 }\r
ff843847 740 break;\r
efb01a10
SZ		 741 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:\r
742 if (mEndOfDxe) {\r
743 Status = EFI_ACCESS_DENIED;\r
744 } else {\r
745 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;\r
746 Status = VarCheckVariablePropertySet (\r
747 CommVariableProperty->Name,\r
748 &CommVariableProperty->Guid,\r
749 &CommVariableProperty->VariableProperty\r
750 );\r
751 }\r
752 break;\r
753 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:\r
754 if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {\r
755 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));\r
756 return EFI_SUCCESS;\r
757 }\r
758 //\r
759 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
760 //\r
761 CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
762 CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;\r
763 if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {\r
764 //\r
765 // Prevent InfoSize overflow happen\r
766 //\r
767 Status = EFI_ACCESS_DENIED;\r
768 goto EXIT;\r
769 }\r
770 InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;\r
771\r
772 //\r
773 // SMRAM range check already covered before\r
774 //\r
775 if (InfoSize > CommBufferPayloadSize) {\r
776 DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));\r
777 Status = EFI_ACCESS_DENIED;\r
778 goto EXIT;\r
779 }\r
780\r
e83d841f
HW		 781 //\r
782 // The MemoryLoadFence() call here is to ensure the previous range/content\r
783 // checks for the CommBuffer have been completed before the subsequent\r
784 // consumption of the CommBuffer content.\r
785 //\r
786 MemoryLoadFence ();\r
efb01a10
SZ		 787 if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
788 //\r
789 // Make sure VariableName is A Null-terminated string.\r
790 //\r
791 Status = EFI_ACCESS_DENIED;\r
792 goto EXIT;\r
793 }\r
794\r
795 Status = VarCheckVariablePropertyGet (\r
796 CommVariableProperty->Name,\r
797 &CommVariableProperty->Guid,\r
798 &CommVariableProperty->VariableProperty\r
799 );\r
800 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);\r
801 break;\r
ff843847 802\r
8a2d4996 803 default:\r
8a2d4996 804 Status = EFI_UNSUPPORTED;\r
805 }\r
806\r
2445a70e 807EXIT:\r
808\r
8a2d4996 809 SmmVariableFunctionHeader->ReturnStatus = Status;\r
810\r
811 return EFI_SUCCESS;\r
812}\r
813\r
ff843847
RN		 814/**\r
815 SMM END_OF_DXE protocol notification event handler.\r
816\r
817 @param Protocol Points to the protocol's unique identifier\r
818 @param Interface Points to the interface instance\r
819 @param Handle The handle on which the interface was installed\r
820\r
821 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully\r
822\r
823**/\r
824EFI_STATUS\r
825EFIAPI\r
826SmmEndOfDxeCallback (\r
827 IN CONST EFI_GUID *Protocol,\r
828 IN VOID *Interface,\r
829 IN EFI_HANDLE Handle\r
830 )\r
831{\r
8021f4c7 832 DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));\r
f1304280 833 MorLockInitAtEndOfDxe ();\r
ff843847 834 mEndOfDxe = TRUE;\r
8021f4c7 835 VarCheckLibInitializeAtEndOfDxe (NULL);\r
4edb1866
SZ		 836 //\r
837 // The initialization for variable quota.\r
838 //\r
839 InitializeVariableQuota ();\r
0fb5e515
SZ		 840 if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {\r
841 ReclaimForOS ();\r
842 }\r
8021f4c7 843\r
ff843847
RN		 844 return EFI_SUCCESS;\r
845}\r
8a2d4996 846\r
847/**\r
848 SMM Fault Tolerant Write protocol notification event handler.\r
849\r
fa0737a8 850 Non-Volatile variable write may needs FTW protocol to reclaim when\r
8a2d4996 851 writting variable.\r
fa0737a8 852\r
8a2d4996 853 @param Protocol Points to the protocol's unique identifier\r
854 @param Interface Points to the interface instance\r
855 @param Handle The handle on which the interface was installed\r
856\r
857 @retval EFI_SUCCESS SmmEventCallback runs successfully\r
858 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.\r
fa0737a8 859\r
8a2d4996 860 **/\r
861EFI_STATUS\r
862EFIAPI\r
863SmmFtwNotificationEvent (\r
864 IN CONST EFI_GUID *Protocol,\r
865 IN VOID *Interface,\r
866 IN EFI_HANDLE Handle\r
867 )\r
868{\r
869 EFI_STATUS Status;\r
870 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
871 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
872 EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
2c4b18e0 873 UINTN FtwMaxBlockSize;\r
fa0737a8 874\r
8a2d4996 875 if (mVariableModuleGlobal->FvbInstance != NULL) {\r
876 return EFI_SUCCESS;\r
877 }\r
878\r
879 //\r
880 // Ensure SMM FTW protocol is installed.\r
881 //\r
5c7fa429 882 Status = GetFtwProtocol ((VOID **)&FtwProtocol);\r
8a2d4996 883 if (EFI_ERROR (Status)) {\r
884 return Status;\r
885 }\r
886\r
2c4b18e0
SZ		 887 Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
888 if (!EFI_ERROR (Status)) {\r
889 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
890 }\r
891\r
8a2d4996 892 //\r
893 // Find the proper FVB protocol for variable.\r
894 //\r
895 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);\r
896 if (NvStorageVariableBase == 0) {\r
897 NvStorageVariableBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);\r
898 }\r
899 Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);\r
900 if (EFI_ERROR (Status)) {\r
901 return EFI_NOT_FOUND;\r
902 }\r
903\r
904 mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
fa0737a8 905\r
8a2d4996 906 Status = VariableWriteServiceInitialize ();\r
fa0737a8
SZ		 907 if (EFI_ERROR (Status)) {\r
908 DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));\r
909 }\r
910\r
8a2d4996 911 //\r
912 // Notify the variable wrapper driver the variable write service is ready\r
913 //\r
914 Status = gBS->InstallProtocolInterface (\r
915 &mSmmVariableHandle,\r
d00ed85e 916 &gSmmVariableWriteGuid,\r
8a2d4996 917 EFI_NATIVE_INTERFACE,\r
918 NULL\r
919 );\r
920 ASSERT_EFI_ERROR (Status);\r
fa0737a8 921\r
8a2d4996 922 return EFI_SUCCESS;\r
923}\r
924\r
925\r
926/**\r
927 Variable Driver main entry point. The Variable driver places the 4 EFI\r
fa0737a8 928 runtime services in the EFI System Table and installs arch protocols\r
d00ed85e 929 for variable read and write services being available. It also registers\r
8a2d4996 930 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
931\r
fa0737a8 932 @param[in] ImageHandle The firmware allocated handle for the EFI image.\r
8a2d4996 933 @param[in] SystemTable A pointer to the EFI System Table.\r
fa0737a8 934\r
8a2d4996 935 @retval EFI_SUCCESS Variable service successfully initialized.\r
936\r
937**/\r
938EFI_STATUS\r
939EFIAPI\r
940VariableServiceInitialize (\r
941 IN EFI_HANDLE ImageHandle,\r
942 IN EFI_SYSTEM_TABLE *SystemTable\r
943 )\r
944{\r
945 EFI_STATUS Status;\r
946 EFI_HANDLE VariableHandle;\r
947 VOID *SmmFtwRegistration;\r
ff843847 948 VOID *SmmEndOfDxeRegistration;\r
2445a70e 949\r
8a2d4996 950 //\r
951 // Variable initialize.\r
952 //\r
953 Status = VariableCommonInitialize ();\r
954 ASSERT_EFI_ERROR (Status);\r
955\r
956 //\r
957 // Install the Smm Variable Protocol on a new handle.\r
958 //\r
959 VariableHandle = NULL;\r
960 Status = gSmst->SmmInstallProtocolInterface (\r
961 &VariableHandle,\r
962 &gEfiSmmVariableProtocolGuid,\r
963 EFI_NATIVE_INTERFACE,\r
964 &gSmmVariable\r
965 );\r
966 ASSERT_EFI_ERROR (Status);\r
967\r
efb01a10
SZ		 968 Status = gSmst->SmmInstallProtocolInterface (\r
969 &VariableHandle,\r
970 &gEdkiiSmmVarCheckProtocolGuid,\r
971 EFI_NATIVE_INTERFACE,\r
972 &mSmmVarCheck\r
973 );\r
974 ASSERT_EFI_ERROR (Status);\r
975\r
9b4a2032 976 mVariableBufferPayloadSize = GetMaxVariableSize () +\r
fa0737a8 977 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();\r
5e5bb2a9
SZ		 978\r
979 Status = gSmst->SmmAllocatePool (\r
980 EfiRuntimeServicesData,\r
981 mVariableBufferPayloadSize,\r
982 (VOID **)&mVariableBufferPayload\r
983 );\r
984 ASSERT_EFI_ERROR (Status);\r
985\r
8a2d4996 986 ///\r
987 /// Register SMM variable SMI handler\r
988 ///\r
989 VariableHandle = NULL;\r
990 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);\r
991 ASSERT_EFI_ERROR (Status);\r
fa0737a8 992\r
8a2d4996 993 //\r
994 // Notify the variable wrapper driver the variable service is ready\r
995 //\r
996 Status = SystemTable->BootServices->InstallProtocolInterface (\r
997 &mVariableHandle,\r
998 &gEfiSmmVariableProtocolGuid,\r
999 EFI_NATIVE_INTERFACE,\r
1000 &gSmmVariable\r
1001 );\r
1002 ASSERT_EFI_ERROR (Status);\r
fa0737a8 1003\r
ff843847
RN		 1004 //\r
1005 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.\r
1006 //\r
1007 Status = gSmst->SmmRegisterProtocolNotify (\r
1008 &gEfiSmmEndOfDxeProtocolGuid,\r
1009 SmmEndOfDxeCallback,\r
1010 &SmmEndOfDxeRegistration\r
1011 );\r
1012 ASSERT_EFI_ERROR (Status);\r
1013\r
8a2d4996 1014 //\r
1015 // Register FtwNotificationEvent () notify function.\r
fa0737a8 1016 //\r
8a2d4996 1017 Status = gSmst->SmmRegisterProtocolNotify (\r
1018 &gEfiSmmFaultTolerantWriteProtocolGuid,\r
1019 SmmFtwNotificationEvent,\r
1020 &SmmFtwRegistration\r
1021 );\r
1022 ASSERT_EFI_ERROR (Status);\r
1023\r
1024 SmmFtwNotificationEvent (NULL, NULL, NULL);\r
fa0737a8 1025\r
8a2d4996 1026 return EFI_SUCCESS;\r
1027}\r
1028\r
1029\r
EFI Development Kit II mirror for PVE